unexport cipherSuiteLookup and fix review comments

grpc · Nov 20, 2018 · a3003a5 · a3003a5
1 parent 1f4532d
commit a3003a5
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 4 deletions.
diff --git a/credentials/credentials.go b/credentials/credentials.go
@@ -142,7 +142,7 @@ func (t TLSInfo) AuthType() string {
 // GetSecurityValue returns security info requested by channelz.
 func (t TLSInfo) GetSecurityValue() ChannelzSecurityValue {
 	v := &TLSChannelzSecurityValue{
-		StandardName: CipherSuiteLookup[t.State.CipherSuite],
+		StandardName: cipherSuiteLookup[t.State.CipherSuite],
 	}
 	// Currently there's no way to get LocalCertificate info from tls package.
 	if len(t.State.PeerCertificates) > 0 {

diff --git a/test/channelz_test.go b/test/channelz_test.go
@@ -1200,6 +1200,32 @@ func TestCZServerSocketMetricsKeepAlive(t *testing.T) {
 	}
 }
 
+var cipherSuites = []string{
+	"TLS_RSA_WITH_RC4_128_SHA",
+	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+	"TLS_RSA_WITH_AES_128_CBC_SHA",
+	"TLS_RSA_WITH_AES_256_CBC_SHA",
+	"TLS_RSA_WITH_AES_128_GCM_SHA256",
+	"TLS_RSA_WITH_AES_256_GCM_SHA384",
+	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+	"TLS_FALLBACK_SCSV",
+	"TLS_RSA_WITH_AES_128_CBC_SHA256",
+	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+}
+
 func TestCZSocketGetSecurityValueTLS(t *testing.T) {
 	defer leakcheck.Check(t)
 	channelz.NewChannelzStorage()
@@ -1232,16 +1258,19 @@ func TestCZSocketGetSecurityValueTLS(t *testing.T) {
 		}
 		skt := channelz.GetSocket(id)
 		cert, _ := tls.LoadX509KeyPair(testdata.Path("server1.pem"), testdata.Path("server1.key"))
-		securityVal := skt.SocketData.Security.(*credentials.TLSChannelzSecurityValue)
+		securityVal, ok := skt.SocketData.Security.(*credentials.TLSChannelzSecurityValue)
+		if !ok {
+			return false, fmt.Errorf("the SocketData.Security is of type: %T, want: *credentials.TLSChannelzSecurityValue", skt.SocketData.Security)
+		}
 		if !reflect.DeepEqual(securityVal.RemoteCertificate, cert.Certificate[0]) {
 			return false, fmt.Errorf("SocketData.Security.RemoteCertificate got: %v, want: %v", securityVal.RemoteCertificate, cert.Certificate[0])
 		}
-		for _, v := range credentials.CipherSuiteLookup {
+		for _, v := range cipherSuites {
 			if v == securityVal.StandardName {
 				return true, nil
 			}
 		}
-		return false, fmt.Errorf("SocketData.Security.StandardName got: %v, want it to be one of %v ", securityVal.StandardName, credentials.CipherSuiteLookup)
+		return false, fmt.Errorf("SocketData.Security.StandardName got: %v, want it to be one of %v ", securityVal.StandardName, cipherSuites)
 	}); err != nil {
 		t.Fatal(err)
 	}